The US government has, for the first time, attributed the SolarWinds cyber-espionage attacks to Russia, and clarified that fewer agencies have been affected than some first thought.
A lengthy joint statement from the FBI, NSA, the Office of the Director of National Intelligence (ODNI) and the Cybersecurity and Infrastructure Security Agency (CISA) claimed the attack was primarily an intelligence-gathering operation, “likely Russian in origin.”
While those in the cybersecurity community have always been fairly certain that the attack was indeed one focused on data theft, this confirmation could be viewed as an attempt to silence conspiracy theorists who have tried to tie it to debunked accusations of election fraud in November.
It’s unclear why it has taken the US authorities this long to name Russia: a New York Times report published as the news first broke had insiders naming APT29, or Cozy Bear, as the culprit.
The APT group has been linked to the Russian Foreign Intelligence Service (SVR) and KGB successor the Federal Security Service (FSB), and has been blamed for previous attacks on the Democratic National Committee (DNC) in 2016 and COVID-19 vaccine stakeholders last year.
Interestingly, the Cyber Unified Coordination Group (UCG) — a task force set up by the NSA, FBI, CISA and ODNI to manage the fall-out of the attacks — claimed that fewer than 10 US government agencies were caught in the campaign, a lower number than that previously reported by some media.
“This is a serious compromise that will require a sustained and dedicated effort to remediate. Since its initial discovery, the UCG, including hardworking professionals across the United States government, as well as our private sector partners, have been working non-stop,” the statement noted.
“These efforts did not let up through the holidays. The UCG will continue taking every necessary action to investigate, remediate and share information with our partners and the American people.”